PDS2 SCA Compliance Checklist
First published: 23/12/2019
updated: 21/10/2022
Ingrid Nes
One of the aims of the Revised Payment Service Directive, more commonly known as PSD2, is to better protect consumers when they pay online. The requirement for a strong customer authentication (SCA) in a majority of these electronic payments is a key element of the regulation.
The Requirements of SCA
To increase the security of transactions, SCA has a requirement for multi-factor authentication. SCA requires that transactions are authenticated with at least two of these three factors:
- Possession: Something the user has, like a token
- Knowledge: Something the user knows, like a pin or a password
- Inherence: Something the user is. Most commonly refers to biometrics like fingerprints.
With Okay, you can add an additional layer of security without having to write or manage the security requirements needed for a secure and trusted transaction. Check out our previous post where we cover just how Okay provides 2FA support.
2FA and the EBA
Beyond what is commonly called second factor authentication, the EBA also made a few requirements about security itself, around the transaction, and around its authentication process.
In June 2019, the European Banking Authority (EBA) published an opinion on how the elements of SCA should be understood under PSD2. When evaluating whether or not your service is SCA compliant under PSD2, it is important to make sure that it is in line with EBA’s opinion.
Is Your App Compliant?
With Okay’s checklist, you have an easy-to-use tool to check if your app is ready for PSD2 SCA compliance. In addition to the authentication factors, the checklist includes points on the secure environment, malware protection and documentation of the solution.
Download the checklist, and check if you are ready for SCA under PSD2!